<? 
require("required/dbconnect.php"); 
require("required/function.php"); 
require("../required/email.php"); 
// Every date()/strtotime() call on this page is evaluated in Malaysian local time.
date_default_timezone_set('Asia/Kuala_Lumpur');
// Feedback line printed above the login form; empty until a login attempt sets it.
$msg = '';
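/**
 * Check an admin's credentials and, on success, start the logged-in session.
 *
 * Side effects visible in this function: updates the per-IP failed-attempt
 * counter in os_abfs, populates $_SESSION, calls generateMenu() and redirects
 * to index.php on success; when the failure counter reaches 5 it stores an
 * unlock code in os_contactinfo and hands it to email_unlock_abfs().
 *
 * SECURITY: both arguments are placed inside quoted SQL string literals with
 * no further escaping. Callers must pass values already escaped with
 * mysql_real_escape_string(); escaping again here would double-escape them.
 *
 * NOTE(review): the password is compared inside the SQL statement, so the
 * user_password column presumably holds plaintext (or a value computed before
 * this call). Moving to password_hash()/password_verify() needs a schema
 * change and is not attempted here.
 *
 * @param string $user_name     Login name, already SQL-escaped by the caller.
 * @param string $user_password Password, already SQL-escaped by the caller.
 * @return string HTML error message for the login form, or "" when there is
 *                nothing to show (the successful path redirects and exits).
 */
function doLogin($user_name,$user_password)
{
	$chk=mysql_query("select * from os_user where user_id='$user_name' and user_password='$user_password' and status=1");
	if($chk===false)
	{
		// Driver errors name tables, columns and SQL fragments: keep them in the
		// server log instead of printing them to an unauthenticated visitor.
		error_log("doLogin: credential lookup failed: ".mysql_error());
		die("Login is temporarily unavailable.");
	}

	$return="";
	// REMOTE_ADDR is set by the web server, but it is still escaped before it is
	// used inside a quoted SQL literal.
	$ip=mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

	if (mysql_num_rows($chk) > 0)
	{
		// Successful credentials clear this address's failure counter. A single
		// UPDATE is a no-op when no row exists, so no prior SELECT is needed. The
		// earlier second reset filtered on a column named `ip`, which no other
		// query in this file uses; ip_address is the column used everywhere else.
		mysql_query("update os_abfs set attempt=0,last_attempt=now() where ip_address='$ip'");

		$a=mysql_fetch_array($chk,MYSQL_ASSOC);

		// role_id goes into the query unquoted, so force it to an integer.
		$role=(int)$a['role_id'];
		$get_role=mysql_query("select * from os_user_role where id=$role");

		if($get_role && mysql_num_rows($get_role)>0)
		{
			$r=mysql_fetch_array($get_role,MYSQL_ASSOC);

			// Issue a fresh session id at the privilege change so an id known
			// before login cannot be reused afterwards (session fixation).
			if(session_id()!=="")
			{
				session_regenerate_id(true);
			}

			// The session is marked as logged in only once the role lookup has
			// succeeded; an account with a missing role gets the error below and
			// no admin session keys.
			$_SESSION['login_type'] = "admin";
			$_SESSION['admin_loginname'] =$user_name;
			$_SESSION['admin_loginid']=$a['id'];
			$_SESSION['branch_id']=$a['branch_id'];
			$_SESSION['user_role']=$r['id'];

			generateMenu();

			header("Location:index.php");
			// Stop here so the login page is not rendered behind the redirect.
			exit;
		}
		else
		{
			$return="<font color='red'>There's problem with your account, please contact admin</font>";
		}
	}
	else
	{
		$chk_abfs=mysql_query("select * from os_abfs where ip_address='$ip'");

		if($chk_abfs && mysql_num_rows($chk_abfs)>0)
		{
			$previous_attempts=(int)mysql_result($chk_abfs,0,"attempt");
			$from_time=strtotime(mysql_result($chk_abfs,0,"last_attempt"));
			// Minutes since the last recorded attempt from this address.
			$min_diff=round(abs(time() - $from_time) / 60,2);

			if($min_diff>30)
			{
				// The 30-minute window has passed: start counting again.
				mysql_query("update os_abfs set attempt=0,last_attempt=now() where ip_address='$ip'");
				$current_attempts=0;
			}else{
				mysql_query("update os_abfs set attempt=attempt+1,last_attempt=now() where ip_address='$ip'");
				$current_attempts=$previous_attempts+1;
			}

			// Send the unlock code only when this failure actually moved the
			// counter to 5; deciding on the pre-update value also fired after the
			// counter had just been reset by the 30-minute expiry.
			if($current_attempts===5)
			{
				// NOTE(review): the unpredictability of this code rests entirely on
				// generatePassword(), which is defined elsewhere; the time() suffix
				// is guessable. Confirm that helper uses a cryptographically secure
				// random source.
				$unlock_code=(generatePassword()+30001)*10;
				$unlock_code.=time();
				if(mysql_query("update os_contactinfo set abfs_unlock_code='$unlock_code',abfs_lock_datetime=now() where id=1")===false)
				{
					error_log("doLogin: storing unlock code failed: ".mysql_error());
					die("Login is temporarily unavailable.");
				}
				email_unlock_abfs($unlock_code);
			}
		}
		else
		{
			// First failure seen from this address.
			mysql_query("insert into os_abfs (ip_address,attempt,last_attempt)values('$ip','1',now())");
		}

		// Same message for an unknown user and a wrong password, so the reply
		// does not reveal which accounts exist.
		$return="<font color='red'>Invalid user name or password</font>";
	}

	return $return;
}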


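// Handle a submitted login form.
if (isset($_POST['txtuserid']))
{
	// Array-valued fields (txtuserid[]=...) are not valid credentials; treat
	// them, and a missing password field, as empty strings before escaping.
	$user_name = mysql_real_escape_string(is_string($_POST['txtuserid']) ? $_POST['txtuserid'] : "");
	$user_password = mysql_real_escape_string((isset($_POST['txtpassword']) && is_string($_POST['txtpassword'])) ? $_POST['txtpassword'] : "");

	$ip=mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

	$chk_abfs=mysql_query("select * from os_abfs where ip_address='$ip'");

	// Enforce the lockout before any credential check. The page below only
	// hides the form while an address is blocked, which does nothing against a
	// request posted directly; the lookup above was previously never consulted.
	$abfs_locked=false;
	if($chk_abfs && mysql_num_rows($chk_abfs)>0)
	{
		$min_diff=round(abs(time() - strtotime(mysql_result($chk_abfs,0,"last_attempt"))) / 60,2);
		// >= rather than == so a counter that has already passed 5 still blocks.
		$abfs_locked=((int)mysql_result($chk_abfs,0,"attempt")>=5 && $min_diff<30);
	}

	if($abfs_locked)
	{
		$msg="<font color='red'>Too many failed login attempts. Access blocked</font>";
	}
	else
	{
		$msg = doLogin($user_name,$user_password);
	}
}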
		
	// Map the ?unlock_msg= status code from the unlock step to a banner.
	// Only the two fixed strings below can be produced, so the query-string
	// value itself is never echoed into the page.
	$unlock_msg="";

	if(!empty($_GET['unlock_msg']))
	{
		// Loose comparison on purpose: query-string values arrive as strings.
		if($_GET['unlock_msg']==1)
		{
			$unlock_msg="<font color='red'>ABFS Unlock Faild!</font>";
		}
		elseif($_GET['unlock_msg']==2)
		{
			$unlock_msg="<font color='#00cc00'>ABFS Unlock Successful, please login again</font>";
			// A successful unlock replaces any pending login error.
			$msg="";
		}
	}
	


?>	
<html>
<head>
<title>DC_CMS_Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="required/style_login.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#346c0a" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" style="background-image:url('images/background.png');background-repeat:repeat-x;background-position:top">
<!-- ImageReady Slices (DC_CMS_Login.psd) -->
<table id="Table_01" width="1000" height="700" border="0" cellpadding="0" cellspacing="0" align="center">
	<tr>
		<td colspan="3">
			<img src="images/login_page_01.png" width="1000" height="323" alt=""></td>
	</tr>
	<tr>
		<td rowspan="2">
			<img src="images/login_page_02.png" width="351" height="377" alt=""></td>
		<td bgcolor="#FFFFFF">
			<table id="Table_01" width="371" height="139" border="0" cellpadding="0" cellspacing="0">
                <tr>
                    <td>
                        <img src="images/login_field_01.png" width="371" height="13" alt=""></td>
                </tr>
                <tr>
                    <td width="371" height="112" bgcolor="#606060">
                        <table width="100%" cellpadding="0" cellspacing="0" >
                            <td>
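                                <?php
                                    // Decide whether this address is currently locked out and render
                                    // either the "blocked" notice or the login form.
                                    $ip=mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
                                    $chk_abfs=mysql_query("select * from os_abfs where ip_address='$ip'");

                                    // True when this address already has a row in the attempt table.
                                    $abfs_known=($chk_abfs && mysql_num_rows($chk_abfs)>0);
                                    $abfs_locked=false;

                                    if($abfs_known)
                                    {
                                        $from_time=strtotime(mysql_result($chk_abfs,0,"last_attempt"));
                                        $min_diff =  round(abs(time() - $from_time) / 60,2);

                                        // >= rather than ==: the counter keeps rising on further failed
                                        // posts, and an exact match on 5 would show the form again at 6.
                                        $abfs_locked=((int)mysql_result($chk_abfs,0,"attempt")>=5 && $min_diff<30);
                                    }

                                    // PHP_SELF includes any path info the client appended to the URL, so
                                    // it is escaped before being written into the action attribute.
                                    $form_action=htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'ISO-8859-1');

                                    if($abfs_locked)
                                    {
                                ?>

                                <table border="0" cellpadding="0" cellspacing="0" width="100%" align="center">
                                <tr>
                                    <td valign="top" colspan="4" align="center" height="20">
                                    <?php
                                        if($unlock_msg=="")
                                        {
                                    ?>
                                    <div class='dw_failed'>Brutal force login detected! Access blocked</div>
                                    <?php }else{ ?>
                                    <?= $unlock_msg ?>
                                    <?php } ?>

                                </td>
                                </tr>


                                </table>

                                <?php
                                    }
                                    else
                                    {
                                        // One form for both remaining cases. The unlock banner is shown
                                        // only when the address has an attempt row, as before.
                                ?>
                                <form action="<?= $form_action ?>" method="post" name="frm" id="frm">
                                <table border="0" cellpadding="0" cellspacing="0" width="100%" align="center">
                                <tr><td valign="top" colspan="4" align="center" height="20"><?= $msg  ?><?php if($abfs_known){ echo $unlock_msg; } ?></td></tr>

                                <tr><td width="76"></td><td width="78" align="left"><font color="#FFFFFF">Username</font></td><td width=164><input class="text" type="text" name="txtuserid"></td><td width="2"></td></tr>
                                <tr><td></td><td align="left"><font color="#FFFFFF">Password</font></td><td><input class="text" type="password" name="txtpassword"></td><td></td></tr>
                                <tr><td colspan="4" align="center"><input class="text" type="image" src="images/Submit_Btn.png" alt="submit">&nbsp;</td></tr>
                                </table>
                                </form>

                                <?php
                                    }
                                ?>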
                            </td>
                            
                        </table>
                     </td>
                </tr>
                <tr>
                    <td>
                        <img src="images/login_field_03.png" width="371" height="14" alt=""></td>
                </tr>
            </table></td>
		<td rowspan="2">
			<img src="images/login_page_04.png" width="278" height="377" alt=""></td>
	</tr>
	<tr>
		<td>
			<img src="images/login_page_05.png" width="371" height="238" alt=""></td>
	</tr>
</table>
<!-- End ImageReady Slices -->
</body>
</html>